WhiteHawk Limited (ASX:WHK) today announced the extension and expansion of a contract to provide its Cyber Risk Radar to a top 12 US defense industrial base (DIB) company for supply chain risk management.
WhiteHawk is the first global online cyber security exchange enabling small-to-medium businesses — those with revenues of up to US$1 billion — to take smart action against cybercrime. Its Cyber Risk Radar, formerly the 360 Cyber Risk Framework, for supply chain and vendor companies, monitors, identifies, prioritises, and mitigates cyber risks across third party suppliers and vendors.
The DIB company is a large tier 1 organisation, but due to sensitivity of Cybersecurity Risk focused work WhiteHawk cannot reveal its name at this stage.
This deal, which has been in the works for over a year, establishes an annual subscription supply chain cyber risk management program for 150 suppliers/vendors of the DIB company and over US$500,000.
WhiteHawk will now establish a permanent program with the DIB company after the pair entered an initial contract in December 2018, which was then extended in June 2019.
This top 12 DIB company has contracted with WhiteHawk to implement a comprehensive Cyber Risk Radar, including provisioning of an integrated online Software as a Service (SaaS) subscription augmented by consulting services.
Through quarterly reporting, the customer will establish a Cyber Risk Rating baseline for its key supplier companies on US federal contracts via continuous monitoring, alerts, prioritisation and mitigation of business and cyber risks across three tiers of suppliers and vendors, in near real time. This will provide intelligence into the cyber health and status of the customer’s suppliers in advance of tightening government benchmarks and requirements.
The customer will receive quarterly WhiteHawk Cyber Risk Scorecards for 150 critical suppliers and Risk Portfolio Reports across the entire population of suppliers. These reports, developed by WhiteHawk, summarise key findings and make prioritised recommendations for each supplier company to measurably advance their cyber maturity.
The customer will also maintain access to a comprehensive business ecosystem dashboard that includes business, technical, and security risks. This gives the customer the ability to view and monitor the identified suppliers’ cyber security risk ratings, business risk scores, and WhiteHawk Cyber Risk Scorecards in a single location.
Terry Roberts, Executive Chair of WhiteHawk, commented, “This opportunity to demonstrate at scale our integration and prioritisation of commercial cyber risk monitoring and mitigation across 150 US Department of Defense cyber organisations and professionals is something we have worked to achieve for over a year.
“With the expansion of this contract we can now showcase how new Department of Defense supply chain cyber risk objectives, guidelines and certifications can be automated across thousands of Defense Contractors and Suppliers as never before.”
US Defense industry prioritises cybersecurity
Today’s contract extension, in conjunction with WhiteHawk’s top 5 finish in DIB outreach challenge, solidifies WhiteHawk’s presence in the US Defense industry, which is in severe need of supply chain cyber risk mitigation services.
The US Department of Defense (DoD) is currently embarking upon an ambitious schedule for a serious overhaul of the way it monitors and enforces cybersecurity within its industrial base.
The DoD is working on a tiered cybersecurity framework, the Cybersecurity Maturity Model Certification (CMMC), under which contractors will have to abide by depending on the sensitivity of systems they’re charged with protecting.
This comes as the US finds itself in strategic competition against actors such as Russia and China — nations that have sought to exfiltrate the data of US Defense contractors, especially smaller companies at the lowest levels.
The National Security Agency’s (NSA) Gen. Paul Nakasone explained, “We must better protect our nation’s advantage and the Defense sector from intellectual property theft. This means working closely with the Defense industries and those who provide cybersecurity solutions to them.”